System Prep
Before installing any service, update the package repositories and install the tools the mo-installer and moctl depend on.
1.1 Update the system
sudo dnf update -y
sudo reboot
1.2 Enable the EPEL repository
Oracle Linux ships its own EPEL release package.
sudo dnf install -y oracle-epel-release-el8
sudo dnf update -y
1.3 Install required utilities
sudo dnf install -y unzip wget curl jq net-tools vim bash-completion tar lsof telnet firewalld
1.4 Configure the firewall
The DB port is opened in the database section. Open all the IDP-service and broker ports here.
sudo systemctl enable --now firewalld
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --permanent --add-port=8070/tcp
sudo firewall-cmd --permanent --add-port=8071/tcp
sudo firewall-cmd --permanent --add-port=8072/tcp
sudo firewall-cmd --permanent --add-port=6379/tcp
sudo firewall-cmd --permanent --add-port=5672/tcp
sudo firewall-cmd --permanent --add-port=15672/tcp
sudo firewall-cmd --reload
1.5 Set SELinux to permissive
The IDP microservices communicate locally on a wide port range; SELinux enforcing interferes. Persist the change so it survives reboots.
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
getenforce
Expected output: Permissive.
1.6 Ensure the network reconnects on reboot
If you’re using NetworkManager (default on OL8), enable auto-connect on the active interface. Find the connection name first:
nmcli connection show
Then enable auto-connect (substitute your interface name):
sudo nmcli connection modify enp1s0 connection.autoconnect yes
sudo systemctl restart NetworkManager
hostname -I
Database
PostgreSQL 16 on Oracle Linux 8. The installer ships the PostgreSQL JDBC driver, so no manual driver placement is needed.
2.1 Add the PGDG repository
sudo dnf install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
2.2 Disable the built-in PostgreSQL module
sudo dnf -qy module disable postgresql
2.3 Install PostgreSQL 16
sudo dnf install -y postgresql16-server postgresql16 postgresql16-contrib
2.4 Initialise and start the service
sudo /usr/pgsql-16/bin/postgresql-16-setup initdb
sudo systemctl enable --now postgresql-16
sudo systemctl status postgresql-16
2.5 Create the miniOrange database and user
sudo -u postgres psql <<'SQL'
CREATE USER moadmin WITH PASSWORD 'Password123';
CREATE DATABASE miniorangedb OWNER moadmin;
ALTER USER moadmin WITH SUPERUSER;
SQL
2.6 Switch authentication to md5
sudo sed -i \
-E 's/^(host\s+all\s+all\s+(127\.0\.0\.1\/32|::1\/128)\s+)ident/\1md5/' \
/var/lib/pgsql/16/data/pg_hba.conf
sudo systemctl restart postgresql-16
2.7 Open the PostgreSQL port (only if remote access is needed)
sudo firewall-cmd --permanent --add-port=5432/tcp
sudo firewall-cmd --reload
2.8 Verify
PGPASSWORD=Password123 psql -h 127.0.0.1 -U moadmin -d miniorangedb -c '\l'
Values for the /initialize wizard
| Field | Value |
|---|---|
| Database Type | PostgreSQL |
| Host | 127.0.0.1 |
| Port | 5432 |
| Database name | miniorangedb |
| Username | moadmin |
| Password | Password123 |
MySQL 8.4 LTS on Oracle Linux 8. These steps are derived from the MySQL community repo flow plus the JDBC driver convention from the source Oracle 19c documentation; review before production.
2.1 Disable the built-in MySQL module
sudo dnf -qy module disable mysql
2.2 Add the MySQL community repository
sudo dnf install -y https://dev.mysql.com/get/mysql84-community-release-el8-1.noarch.rpm
sudo dnf clean all && sudo dnf makecache
2.3 Install MySQL 8.4
sudo dnf install -y mysql-community-server mysql-community-client
sudo systemctl enable --now mysqld
2.4 Retrieve the temporary root password
sudo grep 'temporary password' /var/log/mysqld.log
2.5 Secure the installation
sudo mysql_secure_installation
2.6 Create the miniOrange database and user
mysql -u root -p <<'SQL'
CREATE DATABASE miniorangedb CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'moadmin'@'localhost' IDENTIFIED BY 'Password123';
CREATE USER 'moadmin'@'%' IDENTIFIED BY 'Password123';
GRANT ALL PRIVILEGES ON miniorangedb.* TO 'moadmin'@'localhost';
GRANT ALL PRIVILEGES ON miniorangedb.* TO 'moadmin'@'%';
FLUSH PRIVILEGES;
SQL
2.7 Place the MySQL JDBC driver (derived assumption)
sudo mkdir -p /opt/miniorange/drivers
cd /tmp
sudo wget https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-8.4.0-1.el8.noarch.rpm
sudo dnf install -y ./mysql-connector-j-8.4.0-1.el8.noarch.rpm
sudo cp /usr/share/java/mysql-connector-j-8.4.0.jar /opt/miniorange/drivers/
sudo chmod 644 /opt/miniorange/drivers/mysql-connector-j-8.4.0.jar
2.8 Open the MySQL port (only if remote access is needed)
sudo firewall-cmd --permanent --add-port=3306/tcp
sudo firewall-cmd --reload
2.9 Verify
mysql -u moadmin -pPassword123 -h 127.0.0.1 -e 'SHOW DATABASES;'
Values for the /initialize wizard
| Field | Value |
|---|---|
| Database Type | MySQL |
| Host | 127.0.0.1 |
| Port | 3306 |
| Database name | miniorangedb |
| Username | moadmin |
| Password | Password123 |
Microsoft SQL Server 2022 on Oracle Linux 8 is not officially listed by Microsoft, but works in practice because OL8 is binary-compatible with RHEL 8. These steps are derived from the RHEL 8 install path plus the JDBC driver convention from the source Oracle flow.
2.1 Verify system requirements
MSSQL on Linux requires at least 2 GB of RAM.
free -h
2.2 Add the Microsoft repository (using the RHEL 8 repo)
sudo curl -o /etc/yum.repos.d/mssql-server.repo \
https://packages.microsoft.com/config/rhel/8/mssql-server-2022.repo
sudo curl -o /etc/yum.repos.d/msprod.repo \
https://packages.microsoft.com/config/rhel/8/prod.repo
2.3 Install MSSQL 2022 and tools
sudo dnf install -y mssql-server
sudo ACCEPT_EULA=Y dnf install -y mssql-tools18 unixODBC-devel
2.4 Run the initial setup
sudo /opt/mssql/bin/mssql-conf setup
sudo systemctl enable --now mssql-server
sudo systemctl status mssql-server
2.5 Add tools to PATH
echo 'export PATH="$PATH:/opt/mssql-tools18/bin"' | sudo tee /etc/profile.d/mssql.sh
source /etc/profile.d/mssql.sh
2.6 Create the miniOrange database and login
sqlcmd -S localhost -U SA -P '<SA_PASSWORD>' -C -Q "
CREATE DATABASE miniorangedb;
GO
CREATE LOGIN moadmin WITH PASSWORD = 'Password123!';
GO
USE miniorangedb;
CREATE USER moadmin FOR LOGIN moadmin;
ALTER ROLE db_owner ADD MEMBER moadmin;
GO
"
MSSQL enforces password complexity.
Password123!passes; plainPassword123does not.
2.7 Place the MSSQL JDBC driver (derived assumption)
sudo mkdir -p /opt/miniorange/drivers
cd /tmp
sudo curl -L -o mssql-jdbc.tar.gz \
https://download.microsoft.com/download/8/c/d/8cdfd87a-1684-4731-91a9-2ba182c8b0ad/sqljdbc_12.6.4.0_enu.tar.gz
sudo tar -xzf mssql-jdbc.tar.gz
sudo cp sqljdbc_12.6/enu/jars/mssql-jdbc-12.6.4.jre11.jar /opt/miniorange/drivers/
sudo chmod 644 /opt/miniorange/drivers/mssql-jdbc-12.6.4.jre11.jar
2.8 Open the MSSQL port
sudo firewall-cmd --permanent --add-port=1433/tcp
sudo firewall-cmd --reload
2.9 Verify
sqlcmd -S localhost -U moadmin -P 'Password123!' -C -Q "SELECT name FROM sys.databases;"
Values for the /initialize wizard
| Field | Value |
|---|---|
| Database Type | MSSQL |
| Host | 127.0.0.1 |
| Port | 1433 |
| Database name | miniorangedb |
| Username | moadmin |
| Password | Password123! |
Oracle Database 19c on Oracle Linux 8. This is the source-of-truth combination from the v5.0.0 deployment guide.
2.1 Install the Oracle preinstall package
sudo dnf install -y oracle-database-preinstall-19c
This creates the oracle user, sets kernel parameters, and configures shell limits.
2.2 Install Oracle 19c
Download oracle-database-ee-19c-*.rpm from Oracle’s site (login required) to the server, then:
cd /opt
sudo dnf localinstall -y oracle-database-ee-19c-*.rpm
2.3 Create the database
sudo /etc/init.d/oracledb_ORCLCDB-19c configure
This creates the structure:
| Item | Value |
|---|---|
| CDB | ORCLCDB |
| PDB | ORCLPDB1 |
| Listener | 1521 |
2.4 Configure Oracle environment variables
sudo -i -u oracle bash <<'BASH'
cat >> ~/.bash_profile <<'PROFILE'
export ORACLE_BASE=/u01/app/oracle
export ORACLE_HOME=/u01/app/oracle/product/19.0.0/dbhome_1
export ORACLE_SID=ORCLCDB
export PATH=$ORACLE_HOME/bin:$PATH
PROFILE
source ~/.bash_profile
echo $ORACLE_HOME
BASH
2.5 Start the database and open the PDB
sudo -i -u oracle bash -c "sqlplus -S / as sysdba" <<'SQL'
STARTUP;
ALTER PLUGGABLE DATABASE ALL OPEN;
ALTER PLUGGABLE DATABASE ALL SAVE STATE;
SHOW PDBS;
SQL
Expected output for the last command:
ORCLPDB1 READ WRITE
2.6 Start and verify the listener
sudo -i -u oracle bash -c "lsnrctl start || lsnrctl status"
sudo ss -tulnp | grep 1521
Expected from lsnrctl status: Service "ORCLPDB1" has 1 instance(s).
2.7 Create the miniOrange Oracle user
sudo -i -u oracle bash -c "sqlplus -S / as sysdba" <<'SQL'
ALTER SESSION SET CONTAINER=ORCLPDB1;
CREATE USER moadmin IDENTIFIED BY Password123;
GRANT CONNECT, RESOURCE TO moadmin;
GRANT DBA TO moadmin;
SQL
Verify over the service name:
sudo -i -u oracle bash -c "sqlplus moadmin/Password123@//127.0.0.1:1521/ORCLPDB1 <<< 'SELECT 1 FROM dual;'"
2.8 Configure Oracle to auto-start
sudo systemctl enable oracle-database
systemctl list-units | grep oracle
Note. If the
oracle-databasesystemd unit is not present, a custom startup script is required. Confirm with your DBA which unit name the deployment uses.
2.9 Place the Oracle JDBC driver
This step is required. The miniOrange installer does not bundle the Oracle JDBC driver because of Oracle’s licensing.
sudo mkdir -p /opt/miniorange/drivers
sudo find /u01/app/oracle -name 'ojdbc8.jar' -print 2>/dev/null | head -1
sudo cp /u01/app/oracle/product/19.0.0/dbhome_1/jdbc/lib/ojdbc8.jar \
/opt/miniorange/drivers/
sudo chmod 644 /opt/miniorange/drivers/ojdbc8.jar
2.10 Open the Oracle port
sudo firewall-cmd --permanent --add-port=1521/tcp
sudo firewall-cmd --reload
Values for the /initialize wizard
Important. Use Service Name, not SID. The IDP schema lives in the PDB (
ORCLPDB1), not the CDB (ORCLCDB).
| Field | Value |
|---|---|
| Database Type | Oracle |
| Host | 127.0.0.1 |
| Port | 1521 |
| SID / Service | Service |
| Service Name | ORCLPDB1 |
| Username | moadmin |
| Password | Password123 |
Erlang + RabbitMQ
RabbitMQ is used by the IDP for internal messaging between microservices. It requires Erlang. Both are installed from the official RabbitMQ RPM releases on GitHub.
Note. RabbitMQ is not bundled with
mo-installerand must be installed before running the installer.
3.1 Install Erlang 26
sudo dnf install -y \
https://github.com/rabbitmq/erlang-rpm/releases/download/v26.2.5.2/erlang-26.2.5.2-1.el8.x86_64.rpm \
--nogpgcheck
3.2 Install RabbitMQ 3.13.7
sudo dnf install -y \
https://github.com/rabbitmq/rabbitmq-server/releases/download/v3.13.7/rabbitmq-server-3.13.7-1.el8.noarch.rpm \
--nogpgcheck
3.3 Enable and start the service
sudo systemctl enable --now rabbitmq-server
sudo systemctl status rabbitmq-server
3.4 Enable the management plugin
sudo rabbitmq-plugins enable rabbitmq_management
sudo systemctl restart rabbitmq-server
3.5 Verify
sudo rabbitmqctl status
sudo ss -tulnp | grep 5672
Expected:
LISTEN 0 128 *:5672
Values for the /initialize wizard
| Field | Value |
|---|---|
| RabbitMQ Host | 127.0.0.1 |
| AMQP Port | 5672 |
| Mgmt UI Port | 15672 |
| Default Login | guest / guest |
mo-installer
The installer bundles Java 17 and Redis. You don’t install either manually. The installer auto-detects the OS and deploys the IDP services into /opt/tomcat/.
4.1 Download the installer
cd /opt
sudo wget https://miniorange.s3.us-east-1.amazonaws.com/public/installers/mo-installer-5.0.0.zip
sudo unzip mo-installer-5.0.0.zip -d mo-installer-5.0.0
cd /opt/mo-installer-5.0.0
ls -la
You should see:
.env.sh Environment configuration (review before sourcing)
mo-installer.sh Main installer script
moctl/ moctl CLI and bash completion
4.2 Source the environment file
less .env.sh
source .env.sh
Note. In v5.0.0,
.env.shdoes not contain database connection details. The DB connection is configured later through the browser UI at/initialize.
4.3 Set execute permissions
sudo chmod +x mo-installer.sh moctl/*.sh
4.4 Run the installer
sudo bash mo-installer.sh
The installer covers:
- Java 17 — installed automatically
- Redis — installed and configured automatically
- moctl — installed to
/usr/bin/moctlwith tab completion - IDP services — deployed to
/opt/tomcat/
At the end of the run:
Next step: moctl service start
4.5 Start the four core services
moctl service start
| Service | Port | Purpose |
|---|---|---|
| configserver | 8071 | Configuration |
| eurekaserver | 8070 | Service registry |
| gatekeeper | 8072 | API gateway |
| miniorange | 8080 | Main IDP service |
4.6 Check service status
moctl service status
| Symbol | Meaning |
|---|---|
● running | Active and registered in Eureka |
△ registering | Active but not yet registered; wait and recheck |
△ stopped | Inactive |
✗ failed | Check moctl log <service> |
4.7 Open /initialize in a browser
https://<SERVER_IP>/initialize
You will see a self-signed certificate warning. Proceed past it.
Enter the values from the Database section above, plus Redis (127.0.0.1:6379, no password by default) and RabbitMQ (Section 3 values).
After the wizard completes, the dashboard loads. Navigate to Settings → Base URL and set it to your final domain:
https://<your-domain>
4.8 Restart all services
moctl service restart
This step is required to start the secondary services that depend on the completed schema. Wait 1–2 minutes for everything to register.
Verify & Service Enablement
5.1 Full service status
moctl service status
Every service should show ● running or ● reachable. If a service shows △ registering, wait 30 seconds and re-run.
5.2 Full diagnostics
moctl diagnose
Expected output includes:
Oracle connectivity reachable (or Database connectivity reachable for non-Oracle)
Redis reachable
RabbitMQ reachable
5.3 Individual service status
systemctl status mo-idp-miniorange.service
systemctl status redis
systemctl status rabbitmq-server
5.4 Check all bound ports
sudo ss -tulnp | egrep '8080|8070|8071|8072|6379|5672'
For your DB:
| DB | Port |
|---|---|
| PostgreSQL | 5432 |
| MySQL | 3306 |
| MSSQL | 1433 |
| Oracle | 1521 |
5.5 Preflight
moctl pre
Validation checklist
Run through this list to confirm a healthy deployment:
| Validation | OK |
|---|---|
| DB port active and listening | ☐ |
| Redis reachable | ☐ |
| RabbitMQ reachable on port 5672 | ☐ |
| miniOrange UI accessible via browser | ☐ |
| (Oracle) ORCLPDB1 in READ WRITE state | ☐ |
moctl diagnose — all services green | ☐ |
| Services configured for auto-start | ☐ |
Common issues
Issue: ORA-01034: ORACLE not available (Oracle only)
The DB isn’t started.
sudo -i -u oracle bash -c "sqlplus -S / as sysdba <<< 'STARTUP;'"
Issue: Listener supports no services (Oracle only)
The DB started after the listener, or the PDB isn’t open.
sudo -i -u oracle bash -c "sqlplus -S / as sysdba" <<'SQL'
ALTER PLUGGABLE DATABASE ALL OPEN;
SQL
sudo -i -u oracle bash -c "lsnrctl status"
Issue: Cannot connect to ORCLPDB1 (Oracle only)
You used SID mode instead of Service Name mode in the UI. In the wizard, set SID/Service = Service and Service Name = ORCLPDB1.
Issue: RabbitMQ reachable: false
sudo systemctl restart rabbitmq-server
sudo ss -tulnp | grep 5672
sudo rabbitmqctl status
Issue: miniOrange version shows 1.0.0
The schema migration didn’t complete. Connect to the DB and check tables exist; if not, restart all services and retry the initialize step.
Issue: Tomcat stale PID after a crash
sudo rm -f /opt/tomcat/latest/temp/*.pid
moctl service restart miniorange